This question about Installation of Foswiki, Configuration, Registration, Authentication or Authorisation, Issue in browser: Answered

Cannot login to a configured Foswiki in the Katacoda environment

Dear Foswiki,

I have recently discovered Katacoda as a vehicle for training. I am attempting to set up a Foswiki environment under Apache in that framework. I got past configure, but now I need some advice.

Katacoda provides access to the installed environment via url: https://2886795332-80-ollie02.environments.katacoda.com/foswiki. I believe this works sending the request to the katacoda farm where nginx is listening on port 443 (https). nginx then forwards the request to the environment 2886795332-80-ollie02 where my apache2 server is listening on port 80 (http).

First problem I struck was that my browser Firefox (67.0.3 (32 bit)) detected mixed active content and blocked pretty much everything that was returned by Foswiki. I addressed that by changing the Firefox configuration in about:conf to security.mixed_content.block_active_content boolean false.

I can now run configure and complete the bootstrap. Foswiki view works without issues.

However, I am stuck with the login sequence and would appreciate advice on how to proceed. The symptom is:
  • Click login on Main.WebHome
  • Attempt login as admin/password (as configured with configure)
  • The Foswiki events log says AUTHENTICATION SUCCESS - admin - Firefox
  • The Main.WebHome page returns, and I am NOT logged in.

I expect the problem is caused by the translation in nginx from https to http and the request is somehow not associated with the logged in user. But where to look and what to look for? Is it a problem to refer to Katacoda? Any advice is appreciated.

UPDATE 11 Jan 2020 I deployed timlegge/docker-foswiki in a Katacoda docker environment. The result is the same. I can view the topics. And login is reported as successful in the log, but not recognised on the returned page. The http server in docker-foswiki is nginx.

Here is what I observe:

Foswiki events.log

timestamp admin login Main.webHome AUTHENTICATION SUCCESS - admin - Firefox 172.17.0.5

Browser console

POST http://2886795284-80-frugo01.environments.katacoda.com/foswiki/bin/login [HTTP/1.1 302 Found 1175ms]
GET https://2886795284-80-frugo01.environments.katacoda.com/foswiki?validation_key=4a0a08e4b5d78bcdffa89ca3cab1fb38 [HTTP/2.0 200 OK 1275ms]

with the POST

Headers
Request URL:http://2886795284-80-frugo01.environments.katacoda.com/foswiki/bin/login
Request method:POST
Remote address:35.201.124.219:80
Status code: 302
Version:HTTP/1.1
Response headers
Response headers (355 B)   Raw headers
Content-Length   0
Content-Type   text/html; charset=utf-8
Date   Fri, 10 Jan 2020 02:40:45 GMT
Location   http://2886795284-80-frugo01.environments.katacoda.com/foswiki/bin/login?validation_key=(... see Form data below)
Server   nginx/1.15.0
Set-Cookie   FOSWIKISID=7b6788c3c94d5a1ee22…8904383fd8b; path=/; HttpOnly ( ... See Cookies below)
Via   1.1 google
Request headers
Request headers (849 B)   Raw headers
Accept   text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding   gzip, deflate
Accept-Language   en-US,en;q=0.5
Connection   keep-alive
Content-Length   119
Content-Type   application/x-www-form-urlencoded
Cookie   __cfduid=db5986954e51cc90e23ba…9de; FOSWIKI_UPDATESPLUGIN=-1  ( ... See Cookies below)
DNT   1
Host   2886795284-80-frugo01.environments.katacoda.com
Referer   http://2886795284-80-frugo01.environments.katacoda.com/foswiki/bin/login?foswiki_origin=GET%2cview%2c/foswiki
Upgrade-Insecure-Requests   1
User-Agent   Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/67.0
Cookies
Response cookies   
FOSWIKISID   
   httpOnly   true
   path   /
   value   7b6788c3c94d5a1ee227a8904383fd8b
Request cookies   
__cfduid   db5986954e51cc90e23ba6cf6c072266f1578368299
connect.sid   s:BTs4xWu9H0_U-nLdc3SaD51z7PmY-MQU.AyhwLFQ4X69kPXKgMEHIenJbWGzro0uS/pb2fofZDUU
FOSWIKI_UPDATESPLUGIN   -1
FOSWIKISID   25b99e1c633d0d5970d32de23789b421
FOSWIKISTRIKEONE   a4fa6e1c97418db05e53b540f55b69de
Form
validation_key   4a0a08e4b5d78bcdffa89ca3cab1fb38
username   admin
password   password
foswiki_origin   GET,view,/foswiki

with the GET

Headers
Request URL:https://2886795284-80-frugo01.environments.katacoda.com/foswiki?validation_key=4a0a08e4b5d78bcdffa89ca3cab1fb38
Request method:GET
Remote address:35.201.124.219:443
Status code:
200
Version:HTTP/2.0
Response headers
Response headers (449 B)   
alt-svc   clear
cache-control   max-age=0
content-type   text/html; charset=utf-8
date   Fri, 10 Jan 2020 02:40:46 GMT
server   nginx/1.15.0
set-cookie   FOSWIKISID=9dd4e45cf18cbfa8b98…20e6006b4e1; path=/; HttpOnly
set-cookie   FOSWIKISTRIKEONE=91684a9aeed50b7ccf53e538a2405af1; path=/
vary   Accept-Encoding
via   1.1 google
X-Firefox-Spdy   h2
x-foswiki-monitor-rendertime   0.265981
x-foswiki-validation   635d6bee53dfad707536a1a7c79fb490
Request headers
Request headers (766 B)   
Accept   text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding   gzip, deflate, br
Accept-Language   en-US,en;q=0.5
Connection   keep-alive
Cookie   __cfduid=db5986954e51cc90e23ba…9de; FOSWIKI_UPDATESPLUGIN=-1
DNT   1
Host   2886795284-80-frugo01.environments.katacoda.com
Referer   http://2886795284-80-frugo01.environments.katacoda.com/
TE   Trailers
Upgrade-Insecure-Requests   1
User-Agent   Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/67.0
Cookies
Response cookies   
FOSWIKISID   
  httpOnly   true
  path   /
  value   9dd4e45cf18cbfa8b982d20e6006b4e1
FOSWIKISTRIKEONE   
  path   /
  value   91684a9aeed50b7ccf53e538a2405af1

Request cookies   
__cfduid   db5986954e51cc90e23ba6cf6c072266f1578368299
connect.sid   s:BTs4xWu9H0_U-nLdc3SaD51z7PmY-MQU.AyhwLFQ4X69kPXKgMEHIenJbWGzro0uS/pb2fofZDUU
FOSWIKI_UPDATESPLUGIN   -1
FOSWIKISID   7b6788c3c94d5a1ee227a8904383fd8b
FOSWIKISTRIKEONE   a4fa6e1c97418db05e53b540f55b69de
Params
   
Query string   
  validation_key   4a0a08e4b5d78bcdffa89ca3cab1fb38

-- AdminUser - 10 January 2020

-- BramVanOosterhout - 10 Jan 2020

Solution

This problem has been solved. After much Googling and learning about authentication in general and reading the UserAuthentication page several times I guessed that the IP matching for the session might interfere with the Katacoda to Foswiki transition. The Katacoda IP is different from the foswiki container IP.

So I turned {Sessions}{UseIPMatching} off. And presto, the site works!!!

The comment with {Sessions}{UseIPMatching} is illuminating:
Enable this option to prevent a session from being accessed by more than one IP Address. This gives some protection against session hijack attacks. This option may or may not be helpful, Public web sites can easily be accessed by different users from the same IP address when they access through the same proxy gateway, meaning that the protection is limited. Additionally, people get more and more mobile using a mix of LAN, WLAN, and 3G modems and they will often change IP address several times per day. For these users IP matching causes the need to re-authenticate whenever their IP Address changes and is quite inconvenient.. Note that the CGI::Session tutorial strongly recommends use of IP Matching for security purposes, so it is now enabled by default....
Thanks for listening.

-- BramVanOosterhout - 12 Jan 2020
 

QuestionForm edit

Subject Installation of Foswiki, Configuration, Registration, Authentication or Authorisation, Issue in browser
Extension
Version Foswiki 2.1.6
Status Answered
Related Topics
Topic revision: r3 - 12 Jan 2020, BramVanOosterhout
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy